In-Depth
Systems Engineering: COM+, The Secret to High-Performance Application Servers
An understanding of COM+ will help you troubleshoot and resolve application problems.
When Windows 2000 ships, it will include a new version
of the Component Object Model (COM) infrastructure important
enough to receive a plus sign. If you’re a systems administrator,
you may ask, “So what?” After all, why should you care
about components and objects? That’s the programmer’s
job. Let them figure it out. The problem is, with COM+,
the line between the job of the programmer and the systems
administrator begins to blur. More accurately, it blurs
a little more.
The change really began when Microsoft released Microsoft
Transaction Server. MTS allowed developers who built COM
components to let the OS worry about some of the infrastructure
issues that arise when you have a lot of users trying
to access the same application services. This was a great
boon to developers of distributed applications and allowed
enterprise applications to be developed much more quickly
than before. It also allowed better integration with Windows
NT security and eased application maintenance due to network
and security policy changes. MTS packages and their security
roles could be manipulated in the Microsoft Transaction
Server MMC snap-in. If a systems administrator added a
group, he or she could simply launch the MTS snap-in and
add the new group to the appropriate roles. Of course,
the systems administrator would need to know which roles
were affected.
COM+ integrates the features provided by MTS into Win2K
and provides other services aimed at helping developers
build the distributed enterprise applications that are
in demand.
The overall effect of COM+ is that functionality that
once had to be uniquely coded for each application is
now implemented by the OS. It can simply be switched on
or off, depending on the application’s requirements. For
example, a payroll application may require more stringent
security than a vacation request application. The developer
or administrator can configure the payroll application
to use a higher authentication level, while maintaining
minimal security on the vacation request application.
Most of these switches are available to systems administrators
though the Component Services snap-in included with Win2K.
Don’t panic. A lot of these settings will still be configured
by the programmer and set when you install the components.
However, it’ll be important for you to understand what
they are, where they can be modified, and the potential
impact of modifying them. There are also two key features
of COM+ that will primarily be the domain of the systems
administrator: security and load balancing. We’ll look
at each feature of COM+ a little later, but first let’s
step back and look at the relationship between COM+, the
OS, and the applications that run on it.
So What is COM+?
In a way, COM+ is like a motherboard for applications.
It provides services for the components that make up a
distributed application. It also synchronizes and manages
their operation. When you install and configure a COM+
application, you hook it up to the virtual motherboard
and set some attributes through the Component Services
snap-in. Once an application is hooked up and configured,
the OS will be able to interface with COM+ services to
manage it.
Of course, since software components serve a different
function than hardware components, the attributes you
set will be different. There are some key concepts behind
these attributes that will be a little new at first. The
remainder of this article will focus on these.
Transactions
Transactions are used when multiple things need to happen
in order to obtain a result that makes everyone happy.
Consider what happens when you buy a car. You must make
a down payment, the loan must be approved, and you must
drive away in your new car. If any of those things fails
to happen, none of them should happen. Otherwise, either
you or the car dealer will be unhappy with the result.
COM+ implements transaction handling by calling on the
Distributed Transaction Coordinator (DTC) that’s part
of Win2K. DTC coordinates the resource managers (like
SQL Server) involved to make sure they’re all satisfied
with the outcome before telling them to commit the changes
to permanent storage. The DTC can coordinate a variety
of resource managers in a single transaction. For example,
you may have an application that needs to modify a SQL
Server database and an IBM DB2 database. DTC can allow
these modifications to occur within the context of a single
transaction.
Components enlisted in a transaction are said to run
within the context of a transaction. If that component
creates an instance of another component, that context
may be passed on to the new component, depending on how
the component’s transaction attribute is set.
Setting the attribute for how transactions are handled
requires detailed knowledge of how the components work.
So this attribute will generally be set by the application
developer and configured automatically during installation.
| Transaction
Settings in COM+ |
The five possible settings
for how a component participates in transactions
are:
- Disabled—A
component marked as Disabled won’t
use COM+ to handle transactions. Instead,
it will interact directly with the
DTC. This option will be used when
the developer wants to control transactions
inside each component’s code.
- Not Supported—A
component so marked won’t pay any
attention to the transactional context.
If it creates objects, it won’t pass
that context on. This setting can
result in inconsistency and should
be used rarely.
- Supported—A
component that supports transactions
won’t participate in the transaction
but will pass the context on to any
objects it creates. An example of
this might be a car maintenance check-off
component. It can’t vote on whether
the sale of the car succeeds, but
it should pass on the context of the
transaction to any objects it creates.
- Required—A
component that requires transactions
enlists in the existing transaction,
or if none exists, a new transaction
will be created. The down payment,
loan approval, and key-granting components
are all examples of those that require
transactions.
- Requires New—If
a component requires a new transaction,
COM+ will create a new transactional
context in which to run it. Any objects
it creates will be enlisted in the
new transaction. The vehicle licensing
component might be one that requires
a new transaction. It doesn’t affect
whether or not the sale of the car
succeeds, but it has its own transactional
components, such as smog check, insurance,
fee payment, and license granting
components.
—Rachelle Reese
|
|
|
Security
Security has always been the domain of the systems administrator
when it comes to file and printer access. However, since
there was no easy way to integrate application security
with OS security, some applications implemented their
own security model that couldn’t be managed by a systems
administrator. COM+ (and, in fact, MTS) puts the control
of application security into the hands of the systems
administrator.
Security consists of authentication and authorization.
Authentication in COM+ is configured at the application
level. You can set security properties on each application
to determine whether security is checked for the application,
what information is encrypted, and how often the user’s
identity is verified. Keep in mind that the higher the
level of authentication, the greater the impact on performance.
Available levels are shown in Table 1.
| Table 1.
Authentication levels. |
| Authentication |
When
the user's identity gets verified |
What's
encrypted |
| None |
Never. Anonymous users allowed
access. |
Nothing |
| Connect |
At connection |
Nothing |
| Call |
Every method call |
Packet sequence number |
| Packet |
Every packet |
Packet sequence number |
| Packet Integrity |
Every packet |
Checksum of data |
| Packet Privacy |
Every packet |
All data |
|
|
Authorization is accomplished by defining security roles.
A role is similar to a group in that it describes a type
of user. However, a group is a company-wide association;
a role is an application-specific association. For example,
a payroll application might have an Employees role and
a PayrollAdmins role. Some components in the application
would be accessible only to the PayrollAdmins. Others
would be accessible to all Employees. These roles are
integrated within the security of the OS by assigning
users and groups to them. In this case, you might assign
the Domain Users group membership in the Employees role
and the HRManagers and AccountingManagers groups membership
in the PayrollAdmins role. Although application developers
may define the roles and assign them to interfaces and
components, it will generally be up to the systems administrator
to make sure those roles contain the appropriate users
and groups.
Under MTS, roles could be defined at the component and
interface level. COM+ will allow an even finer level of
granularity—roles can be associated with individual methods
of a component. While this gives the developer a great
deal of control over who can access what, it adds a layer
of complexity that may make troubleshooting security problems
more difficult. As an administrator, you’ll need to understand
how role-based security works in order to troubleshoot
problems that may arise and to maintain role membership
as the users and groups in your network change.
ODBC Connection Pooling
Database connections are critical but scarce resources.
When you buy licenses for a database server like SQL Server,
you typically buy a certain number of concurrent connections.
In addition, opening database connections is an expensive
operation. As the number of users increases, you may find
yourself running out of database connections or that performance
decreases due to the overhead of opening network connections.
COM+ (and MTS) helps alleviate this problem by providing
database connection pooling. Instead of a database connection
being tied up when a component isn’t using it, database
connections are pooled by COM+. When a component attempts
to use a database connection, COM+ provides one from its
pool. This allows applications to use a lower number of
connections more efficiently. Although connection pooling
was available starting with ODBC 3.0, developers had to
make specific calls to cause connections to be pooled.
COM+ automatically makes these calls when managing connections.
Just-In-Time Activation and Object Pooling
Another way in which COM+ will help conserve resources
and make applications more scalable is through Just-in-Time
(JIT) Activation and Object Pooling. When a client application
or component creates an object in memory, it results in
a delay while the object is loaded into memory and initialized.
Of course, it’s inefficient for applications to create
and release objects frequently. However, in a distributed
environment, there may be many applications creating objects,
using them, and leaving them open just in case they’ll
need the object again. This results in a lot of memory
being consumed by objects that aren’t in use. Currently
MTS provides JIT activation to alleviate that problem.
MTS basically tricks a client application into believing
that it has a persistent connection to the same object,
even though that object may be deactivated and assigned
to another client multiple times during its lifetime.
That means a single object can service multiple clients
at the same time.
COM+ expands on the idea of JIT activation by allowing
a component to participate in object pooling. With object
pooling, the administrator can set the minimum and maximum
number of objects of a particular type. When the OS starts
up, the minimum number of objects will be created and
assigned to clients as they’re requested. As more clients
request objects, new instances will be loaded into memory
as necessary.
Queued Components
COM+ will also provide support for Queued Components
(QC). This technology will allow developers to easily
accommodate servers that are sometimes unavailable. QCs
work with the Microsoft Message Queue (MSMQ) service to
ease communication that’s not time-dependent.
To use the QC services, an application developer creates
an object using a special function. This function actually
creates a recorder object (QC.Recorder) that serves as
a proxy for the actual component. The application then
calls methods on the proxy and they’re recorded. When
the object is closed, the recorded methods are sent as
a message to the component’s MSMQ queue component.
Messages are retrieved off the queue by the QC.ListenerHelper
component. This component (and the QC.Recorder component)
is installed in the COM+ Utilities application and can
be activated through the Component Services snap-in. The
QC.ListenerHelper component creates a player, which reads
the message and creates the appropriate object. The player
then calls each method in the recorded message on the
actual object.
As an administrator, you may be responsible for activating
the QC.ListenerHelper service and for alerting in-house
developers to problems that arise when a message has problems
that cause its transaction to abort. If a message fails
a certain number of times during playback, it will be
put in the dead queue. If the problem that caused the
failure is resolved, you can replay the message by moving
it from the dead queue into the original queue and activating
the ListenerHelper service.
Loosely-coupled Events
Another important feature of COM+ is the ability for
components to subscribe to events. This feature is known
as loosely-coupled events. Loosely-coupled events are
implemented through a publish-subscribe methodology. If
you’re familiar with SQL Server replication, this concept
will be somewhat recognizable. Under COM+ an event provider
component publishes events, and other components can subscribe
to those events. While it’s up to software developers
to provide the event provider components, as an administrator,
you may need to configure the subscribers.
Subscribers can request that they be notified whenever
an event occurs or only if it’s reporting a specific condition.
For example, suppose a publisher supplies a BankBalanceChange
event. The MoneyTransfer component may only be interested
in receiving that event if the account balance is less
than $10. To enable this type of behavior, you would set
a filter on the component’s subscription.
Load Balancing
For applications that need to support a large number
of users, the COM+ implementation in the Windows 2000
AppCenter edition will offer Component Load Balancing
(CLB). Windows 2000 AppCenter is expected to be released
sometime in the second quarter of 2000.
With CLB, it’s fairly easy to allow the OS to choose
which server is least busy and launch a component there.
To enable CLB, you need to configure one server as a load
balancing router. This will be the system that determines
where each instance of each component should run. Only
machines running Windows 2000 AppCenter can be configured
as a load balancing router.
One potential problem with CLB is that you can configure
only a single computer as a router. This means that the
CLB router is a single point of failure. You can compensate
by using CLB in conjunction with Microsoft Cluster Service.
To configure this, you need an external SCSI device attached
to two Win2K servers. First, you configure the clustering
service on each computer. Next, you install the components
and configure the COM+ applications on the server that
will act as the primary CLB router. Finally, you install
the components and configure the COM+ applications on
the server that will act as the secondary CLB router.
This redundant server will take over in the event that
the primary CLB router fails.
Essential for High-Performance Application
Servers
As you can see, a solid understanding of the services
COM+ provides will be essential to maintaining reliable,
high-performance, scalable application servers using Win2K.
Although application developers will often set application
attributes and define security roles prior to deployment,
some of these attributes can later be reconfigured by
systems administrators as the company’s needs or environmental
conditions change.
In addition, understanding the services
COM+ provides can help you troubleshoot and resolve application
problems that may arise. Take some time to investigate
COM+ and the component configuration property pages in
the Component Services snap-in. Finally, do some extra
reading. In the “Additional Information” list, I’ve provided
a list of resources to help you on your way to mastering
COM+ configuration and administration.